Bug ID 1040817: Users are shown the prompt to change their password even though the corresponding PSO object fetch from Active Directory fails.

Last Modified: Oct 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:

Opened: Aug 16, 2021

Severity: 3-Major


Users are prompted to change their password when they should not be. The following errors are logged into /var/log/apm: Can't get PSO for domain 'TESTDOMAIN.LOCAL' Failed to get maximum password age from domain 'R4.RHA-RRS.CA' for user 'testuser@TESTDOMAIN.LOCAL'


Users are shown a prompt to change their password.


-- An Active Directory AAA server object with an admin account that does not have permissions to the active directory password policy. -- An Active Directory query object configured to warn the user about password expiration -- Attempt to logon to the virtual server with this access policy.


Disable the warning configuration from the Active Directory query object in the visual policy editor.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips